Small organizations typically have finite resources, both monetary and cybersecurity expertise. Yet, their cybersecurity needs can be equally demanding compared to larger organizations due to the numerous open endpoints and how information is stored and segmented.  Small business environments routinely expose data to numerous opportunities for it to be compromised, and unintentionally granting malicious access.  

As a result, we recommend small organizations recognize two necessities when building their cybersecurity policy. First, cybersecurity controls must be tailored to an organization’s unique requirements and structure. These requirements are determined by the nature of the information or data generated, received, transmitted, used and stored within its environment (including on-premise, remote workers and in the cloud). 

Second, there is no silver bullet or single solution. Effective cyber security incorporates multiple disciplines including data classification, network security, device & application security, identity management, access control, maintenance & vulnerability management, audit & log management, network monitoring, incident response, disaster recovery and more.

Failing to address each core discipline or applying cookie cutter implementations are common causes for cybersecurity breaches. 

The Cybersecurity Framework developed by NIST offers an effective approach to implement a secure technology environment for any organization.  The Framework offers five core functions to implement concurrently and continuously to form an operational culture that addresses the dynamic cybersecurity risk for the organization.   https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

At Calyptix, we leverage this framework to optimize security for our small business customers, while keeping their costs minimal. 

Identify – develop a clear and precise understanding and business context of cybersecurity risk by identifying all systems & devices, people, applications, assets, data, and technology capabilities.   If you don’t know what and who is involved, you’ll never be able to secure it.

Protect – implement safeguards to protect the systems, devices and data, including unauthorized use or access.  

• Create a secure network environment.
• Implement secure device and application configurations.  
• Ensure secure identity management for every user of every system.
• Implement secure and reliable software maintenance for all systems, devices  and applications.
• Activate additional protective technologies to detect potential abuse.

Detect – implement activities to identify cybersecurity events that represent potential or actual threats to the security of systems & devices, user accounts, applications, assets, data, and technology capabilities. 

Respond – investigate and respond to each detected cybersecurity incident to create an ongoing iterative process of improvement. First mitigate  potential risks from the event and then identify and implement network, system and application configuration enhancements & improvements.

Recover – develop and implement methods to ensure resilience and restore any degraded or lost systems & devices, user accounts, applications, assets, data and technology capabilities impaired due to a cybersecurity incident.

The harsh truth is that total network security is very hard, if not impossible to achieve 100% of the time. Anything exposed to the Internet is at risk today. Therefore, it is more prudent to assume your network is insecure, and take the necessary steps to segment data and systems while implementing measures to shrink your attack surface.

We recognize that complexity is the enemy of good security - especially when it comes to cybersecurity. Oftentimes, the number one culprit of breaches is user or configuration errors on intricate systems. Misconfigurations, and subsequent human missteps, are extremely prevalent in these scenarios.

In addition, in an environment where work is happening on personal devices and networks, poor cyber hygiene, namely lack of patching and securing access, is common. 

To better understand your network security, we recommend asking yourself these questions:

1. Do I know who has access to each part of our business network?
2. Have we implemented a “least privileged” approach, granting clearly defined network access based on what they need access to?
3. Are all devices and software applications on the network maintained automatically with the most recent system and application software (including firewalls, access points, workstations, servers,  laptops, etc.)? 
4. Are our systems and data segmented based on data classification to ensure that our most sensitive information can only be accessed securely by authorized personnel? 
5. Do we automatically block access to known malicious IP addresses, both inbound and outbound?
6. Do we monitor our network to identify cybersecurity incidents that present risk to the security of our systems and data?
7. Do we maintain secure network event logs to ensure we can adequately investigate and respond to cybersecurity incidents?

If you answered NO to any of those questions, there is more you can do to secure your network.

Remote access does not have to be dangerous, but it can be without the proper infrastructure and processes in place. Remote access exposes systems to the Internet, widening opportunities for malicious access. VPNs are the most common tool used by organizations to manage remote access, but they can be cumbersome, expensive, and have recently proven to be vulnerable to attack.  Other tools, regardless of how proven effective, will also always be subject to attack. Without regular updates, security flaws and vulnerabilities can be rapidly exploited.

As a best practice, we always recommend implementing two-factor authentication to elevate access requirements and ensure proper user authentication. In addition, we recommend minimizing overall access with a least privileged approach and micro-segmentation of the data and systems.

Calyptix is proud to offer the Gatekeeper solution. This powerful tool, purpose-built for small businesses, provides secure remote access by SSH or Microsoft RDP with two factor authentication (2FA) for every network session before remote users can access systems. This approach ensures organizations don’t expose RDP or SSH ports or systems to the public Internet or unauthorized users. Gatekeeper addresses compliance requirements and facilitates adoption of best practices, including many outlined by NIST 800-53 and NIST 800-171.

Small businesses often have limited resources, yet multiple points of network entry through partners, employees and service providers. As a result, it is often easy to find and breach, and extract value. This is done through ransomware attacks, brute force attacks, leveraging systems to gain unauthorized access to others, and data extraction techniques. For cyber criminals, their tools and techniques have likewise evolved to be more efficient and effective. They leverage automated discovery and attack mechanisms, and often systematically exploit industries.

Without adequate safeguards, there is simply no hiding on the Internet - everything you connect directly to the Internet can be discovered, scanned, identified, probed, targeted and likely compromised, without adequate safeguards.

That is why we built the Community Shield. Our objective is to raise the cost and challenges for cybercriminals by seamlessly harnessing the power and intelligence of our small business and managed service provider community.  If they attack any one of our customers, everyone will get the benefit of the cyber threat intelligence.  Whether attackers use a Tor node, bulletproof proxy service, a virtual server from a US cloud provider or a compromised device, network or web site, they can only use it one time against our community! 

Would you rather fight cybercrime alone, or together with thousands of small businesses banded together?

If your organization depends on the Internet, you can NOT afford to ignore your cyber security requirements. Unfortunately, most cybersecurity providers build tools and services for large enterprises. They provide a “watered-down” approach for small businesses at a price point they can afford. 

At Calyptix, we know small businesses face just as grave of threats as large businesses - and the stakes can be even higher. A cyber breach could wipe a small business bankrupt in a day. 

Our packages are built to service a customers’ entire network security needs. This includes service and training. We provide the foundation and practices to implement sound cybersecurity and secure network configurations that are easy to maintain. Our partner network of managed service providers seamlessly leverages our capabilities, to provide a small business network security solution that meets the unique requirements of small businesses.

Whether you can afford cybersecurity shouldn’t be a question. It’s a must. Rather, ask yourself if you maximizing your return on your current security investment.

You can start right here!

Many companies have an “IT guy” - essentially, the person solely responsible for fixing anything from a broken computer screen to turning the WiFi back on at the office. Typically, this person is outsourced and available for a limited number of hours each month. 

At Calyptix, we recognize the value of an IT expert to keep close at hand. That is why we love working with our trusted and valued managed service providers (MSPs). However, they will likewise acknowledge that no organization or provider can offer everything. We gladly complement their existing services with our network security expertise and support team. 

It can be as simple as this. Calyptix provides the framework, and our MSP partners help implement secure network designs and secure configurations for work stations, servers, applications and cloud services. 

If you don’t have an MSP partner, let us know. We’ll gladly introduce you to one of our trusted partners, but don’t let that slow you down from reaching out to us today. We can get started right away.

Calyptix works with managed service providers and IT professionals to serve small businesses throughout the United States and Canada. To learn more about our partner programs click the button below.